Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

Heading Off Hack Attacks

WatchGuard and Entercept provide IT with different approaches to shielding network servers

While many security products such as intrusion detection and anti-virus technology concentrate on identifying and alerting administrators to attacks after theyve taken place, several companies are beginning to focus on preventing the conditions that invite such attacks.

Two companies in particular, WatchGuard Technologies Inc. and Entercept Security Technologies, have taken novel yet different approaches to the problem.

WatchGuard, a Seattle startup, this week will announce its Windows NT-based ServerLock technology, which defines two modes for each server: operational and administrative.

When the server is in operational mode—that is, transmitting and receiving traffic—all the machines administrative features and functions are unavailable.

Further reading

"This goes a long way toward making sure that nothing gets touched on your Web site," said Chip Moore, a security analyst at DataSafe Inc., of Boston, which has been testing ServerLock for three months. "Its much more effective than simple intrusion detection."

To perform tasks such as updating or reinstalling software or changing configuration settings or user preferences, the administrator must enter a password and change to administrative mode.

This change effectively takes the server offline and enables the administrator to perform maintenance without exposing the machine.

Not only does this protect servers from outside attacks, it also prevents administrative errors—such as the one that brought down Microsoft Corp.s Domain Name System servers a few weeks ago—from crippling a companys network.

"This is designed to protect the core of the network against people with administrative privileges doing bad things," said Jack Danahy, vice president and general manager of WatchGuard. "We assume a hacker will be able to get root privileges, and then we go from there."

Entercepts Entercept 2.0 sits at the kernel level and intercepts operating-system-level calls, compares them with a database of known attack signatures and then prevents the execution of the operation if it is found to be suspect.

Entercept can also protect servers against unknown attacks through much the same method. For example, if an attacker tries a new type of buffer overflow against a machine running Entercept, the software will look for a series of individual calls that make up all buffer overflow attacks, regardless of the actual hole they exploit.

"The idea is to stop whole classes of attacks, not just react to each individual exploit," said Robin Matlock, senior vice president at Entercept, in San Jose, Calif.